Banner object (1)

Hack and Take the Cash !

790 bounties in database
  Back Link to program      
30/06/2015
Responsible Disclosure | PagerDuty logo
Thanks
Gift
Hall of Fame
Reward

Responsible Disclosure | PagerDuty

PagerDuty takes security vulnerabilities and concerns seriously. We encourage our users and members of the security community to privately and responsibly report possible vulnerabilities and incidents to us so that we can address these issues quickly.

If you have a security concern or wish to report a vulnerability in our product, please email us at security@pagerduty.com (use our PGP key to encrypt the email if the information is sensitive). We’ll keep all information confidential and work with you to make sure we understand the issue and address it as quickly as possible. We request that you do not disclose any information publicly until we have been able to understand the impact and mitigate the risk.

All issues reported to the PagerDuty Security Team will be investigated promptly.

  • We’ll acknowledge your report as soon as we can.
  • We’ll investigate the issue fully. (We may elect not to disclose any information publicly until the issue is fully understood to mitigate any risk.)
  • Once the issue is resolved, we’ll alert any affected customers.

If possible, please send the following information:

  • Exact reproduction steps, preferably in text format.
  • URL and parameters demonstrating the vulnerability.
  • Any relevant details of your system’s configuration, such as any browser or user-agent information.
  • Your IP address and PagerDuty account, to coordinate with our logs.
  • Please do not send any executable attachments.
  • If the information is sensitive, please encrypt your email with our PGP key.

What is not a valid issue:

  • Best practices. We don’t accept submissions that are simply configuration/policy suggestions. This includes things such as hardfail SPF records, DMARC, and others.
  • User/account enumeration.
  • Login/Logout CSRF.
  • Email spoofing.
  • Clickjacking and similar techniques.
  • Cookies without “Secure Flag”, our site is all HTTPS with strict-transport-security.

(note this is not an exhaustive list, just the most common. Just because something doesn’t appear on this list, it does not automatically make it a valid bounty awarded submission)

We ask that you use common sense when seeking out security bugs. Do not attempt to compromise other users or accounts on PagerDuty or attempt to impact the stability of our infrastructure (Denial of Service attacks, etc). Vulnerabilities should be disclosed to us privately, and we should be given reasonable time to respond.

Running security scanning tools tends to create more noise than useful information. While we appreciate research and disclosure, we kindly ask that you do not use scanners to find vulnerabilities.

Thanks for Working With Us

We respect the talented people that locate security issues and appreciate all efforts to disclose responsibly.

PagerDuty Security Team PGP Key

If you wish to communicate privately with us about your concern, you can use the following PGP key to encrypt your message to us and verify any signed messages you receive from us. This key is also uploaded to a variety of common key servers.

Key ID: E6E3F1BE

Fingerprint: EF49 9DFB 8457 B662 0919  D702 B05A 3200 E6E3 F1BE

User ID: PagerDuty Security  <security@pagerduty.com>

Key: 4096-bit, RSA





-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFK43kkBEACrYnSnA/IFpo7tdNTip9tkmVNsREZHXNU50F95vLvpwoYpXfXluIruokRk

5XnO6CBCCpIuA0MHuWGAdC1glAduJnQzWTHNHXDR6GJJuXNWpQWJW7H4kkQKlux+pEDAD5IP

L77tWCLgwQNTUUoXCPIpi1EL7Irhhyf5bTs2qMK4clUdyKX1lcA961KyY3ffap1+tq+tEU8z

R/RykxYfkIWkUTuO42wk+odYL7XHFx98iOhnRL8QBTGqMQkkjWcO/RPwthsKkVKGctrdorNj

dxDTofHREm85NiQKqwc0PdfrvDNDZCJlzsJ1b2/fliUSAWkezAQ1f67huUjBUoQc4L6xzYdj

yey0I6+aVze6e7zAP7uPLbVl3nL7T+ehijm49AZufN/gUql/1HmB5sAUvYN9QV1WgCX4Ehbq

/+KYwsUk9xsZ2YDWl3f3vnNMdU6wn0ljCntpTvnr3MC3S+KCm17yR+9HgUeimvWepK8r2B/9

kw68JYrs/oUdx5+Eyw9I4wGVTIMxW2PfsSZx5Zgc9pyGazLRFvwGX1PJMdy+7gmAbHBJj4af

6PonWXwtQeZBwco5H9D5f4t5g5zUVq3Uh1ciz9hpUmWsT7sB2H0YyNfr2mQFu4TkQ6nV+tSi

ZGF/cqDAEpNrqrk6C9jx9+HunZBaaffE8QQx5YOdQHPSXP3O6QARAQABtCtQYWdlckR1dHkg

U2VjdXJpdHkgPHNlY3VyaXR5QHBhZ2VyZHV0eS5jb20+iQI3BBMBAgAhAhsDAh4BAheABQJS

uN51BQsJCAcDBRUKCQgLBRYCAwEAAAoJELBaMgDm4/G+IbUP/3bdleGOg2TG4GkotpSo5v0r

QAb9gQQTpJztY22SmdHrRD6qbKSvL9d94/wCgZsa4Sngh2O3x9TANw5+ljd3pZsjSnk5u3xN

GwOKyxXo99ABhmUVt3fkKt+u+o7XY22ZGm/C55MOOBS8wTPh+20VV+FclqpNRbNJiTJMN/wi

TIVIW2ZL4+gbQrwvqVmotxKFRB1GYl8D6+1dXEoi4UtGgjwmMNemSvXXrqD9GA8nqEvDPluu

1sJIBeAyzT2sFuQ+XM5DErelLVTqvgWC5KUEzHm4WN9rvrtiVhKGnDMmYE5aYBJjeSauY1mc

gBAvcVh3qIrRHHtVr/zK7ldtmC99lkOJd0PhjApLGklm7WHqWlGjCDV4PxHOyjviVp2sVzTe

xlTFSTQm4XQrwg7OWZFdoJ6HeWmTyOTzTPL4pFo3kX2En8dvAmDLi8zlNc4CvQX8NjtWwnzk

JrHiV/H2I5Xr9G+nxpffmq296lSIoufedsd6yMctzjkJH5bmPe2htpqeaCXO5imstF7JLY3B

fTk0sRxLdNXrZOFRGG3C/DuMggr8cua0jXJeq97avOutcE0IzfPHGxv3Q3MSioVbBt7z51V/

hdrjeEEAg8rk9dz5jk+NLTW8S6g+RhMoq+yfIu1zRX+2qW0iPawQxUXB+SRYWg4YqgLmB/zC

y9s7duMWy0xYiQI4BBMBAgAiBQJSuN5JAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK

CRCwWjIA5uPxvkZsD/9+CwQkm8t/5Fc6CWpomjBuoQxlxQkCXSw2oQFqKRKhJx3UhNzpuYuS

0ybEk1WyR8AdkrkrUDkuI+flnwlHK2XpLDOrbDtLwU7+yUKF0wD3KKjaeSCuDrqgYMj4jw7c

nJZQRtAdG6Xgedn1Q3pWDy5W4dmzK9U9TIZda1RHXYomnuxlVU1EZp8blViea/TkiO3nQ0+I

RxebljKUcpypXBRHsz7e7+Zek2VggKSwYweWzYZykWUu0d7YiETSsSVRERh+l4Gbc41SlSV2

hB7g/K2gIjTPP5cU93uLtSsevkuDLgWBnqrdjlY52YwsphPK/CWDisxJdwfq7YV7537L2/Wr

fIS4zPjvDvNeVxcpuFriTee8GU/k5UqxscLZ2jGwVzVA3dhfsNVe/zUsgIpgfTEJLl9dhQyW

tsElD8kJU2ElYfv3QxQFlcn3OB5fuFkwD9isI8DvdvyrdMuSKEbN7Kpq0AL7BRf66X1q107m

peG7WYqy2405WV/0KEXYZmCsju10M6vv5na18LlSfkl/LdVudpcglKIAp/FgUndeboyTJD7A

j+pF80J/uwtsAEPe3Q+ykjlxGWFXfyEsUuF14f/I/gPkwz3S9JWRmJvdf7rglh886WtOAx9V

tm2DhFj2UgXJWkU1wB4aiQUGsNUr4PERoDC4q7SHaczPyTJ5y7LggLkCDQRSuN5JARAA7HcQ

gHq68rEZRFS1UC9WjcDuAqXFdPoqw+xCJjH7mlBw8/+qmFiGsqYsYme9NKiYlMgehIXBNoRh

LF2U37ouVZlq/oxiC2mJMULzf3zgrfhKJtqGhvdZOtyc6weDAsfGDAi4nrHSjWGcsnhUzg83

kFa7LUbahEINtV7C0hKjAHceGrVvcN2YRFWE3MOSn0W1rAnTRoIhoFiIlf89Cmr8MISAmG0v

1OKTF5FwARhvML4M0UfkIdTXxXwqrWZFYeafylur507X2qwBecC29ZMghVIqC/xB9IN6fZfc

NLXH+huT+avVPUoMLhHEFaY8cxyxlTlfx8hXKk9tsxw+Pa7ChsC5NK9/dvEqEhROfjRKANH+

vdhIPFWNVQLUTXhIsZBehS2WAZvPK30GpaAb3sE6vRX7aIMoSb6FSghklSUM2/NUpbuH9daH

w/H8vXHYhXG02vGubAaZNSCDTWXl4TMVQQQSfJ2M1S/f+rDveHc8DGkv+CGwRIIFdv7RSfkR

yQnIfHsOZGye8G0aPRZVKykt8r/zsVpZW4fwVxYwIDyWuShT7mxRZeIOTYPOe9G1X3R5BO1z

+9R1DoQ0nPrizasjzy8hXzW5B59Hzny7ZTL4afelP+MekuvoN02TgmBc2zOrsZVaZMw3DIuo

axU5HGc/rKM8SmmUc33M3dreass7TGUAEQEAAYkCHwQYAQIACQUCUrjeSQIbDAAKCRCwWjIA

5uPxvlJbD/9HHChdsqwri85xnQr1cRaFqv4fg1JrRhNYgYa0THlLT5tp+h5lhoJmfBWqfDnz

JlaHWJPA45V7ZM+1paFux78vL9cgR96jUHregEaNNLjcQcTqvig+SOt34zw7fIGtOSfqqzNh

9KfDKOS7ZLF2/2shfi7ece6uSv5vilNRPG+0ZHxcqfzgrurgP+ddGjlaUtZyhluXO2Xh5pq1

SoDKUh26ue/9kKUdhx1R/lToPlbmP2jCz8OzHmb+Nof522HnYIWMXRYD9UI4jz+c7BbrnK2q

nukp5ByilH6Jt8fxpKwYqKCjzbvW1dLMnl6ar7hVyAvvo37KE2A13ibvGj4L1MZAmPJQbNB/

51eEbj7aTBb+OZyOyrIfEffJSMcKrGZx3Mta3cCx1A8hRDVRGrinZ5XYRW2XiXvpMqnwlUCP

BGOSzcq95q1Rp8OYZNYVxmPPyQZC1DKopBx2rsAvPPsj+WyJ3LKm93mO5wE2yH/DFk9ZTaRQ

7S+5lSbL3SOgW2XUlTURqEvMJW5WRat0n6oZ7aUewL39TyKFNLRxZLeelndLUkqB0/vRRT8p

I3zz9MxnHNxyST6FO+z6VUin5eV92n6J0MDua2PzrOLkjU47Q7FBcWKtggedzv2I64Dq/8wh

t2zdJ1ewgqO4NNW4yOq6hGVgfUGeX89VamBwApgOkNHCLLkCDQRSuN6NARAAuh/Ovw2Jbg4a

tBFRih2k2VoX7odQkms6rgULzqykVHcOQLeldepbxf2KQXCDljLeOrZrST474BmWaNw8l/H1

dqirs9SbaseieX2X/BPMLGAOI6/33YB/xve9WqXHs6L//1W7JKoLj72rphpVnG/RYxQgwXnn

sVQHGHe8oG7j5oNHEHLUeaCeYLTzIMJB9n0eTFNQz9vYyzu1KFvGg0nSmI/EWmCrGofxdDce

MP1GS7eEGr9EbNjGC8rHIoKOHu7gQdJwJhJyYlPOOx65ARW15kRpVEen2dxc8aUDruJOteA5

E7IWKeczzETZRx/EbYlAEQ9hC2Zbc78ek6tXKnbuvhOSf+XKaKJddmTuprOpHm8IZTdBqFMV

BB4cFBVSGfIi0kR8HiixpH2V9Pudo3g+IMDPQOqDFhg5/OtsVk0ekSSrKxYFbeRiRsLGWqAV

RsmpacyamS5DGXtRgkAUJh5PTjsybxj6oL85F9Geg7Q/1cY0tT9XB9s6wuZcp3ywKmdwBzdL

xA+ymrK9rBO/IIjMX1iVOWv4phfc3pyknMgBPnnQiyGw6QYPkOG0zRXkNfVzUjKYUYKa+o5R

cFXFj071VLnITT2NgryAGvJPL4y1uZzmjTWz8DHAavggpfIJgbuea2MhydqGmelIklUZXnC8

NyPT5iGkCG6n3XscjxSXavkAEQEAAYkEPgQYAQIACQUCUrjejQIbAgIpCRCwWjIA5uPxvsFd

IAQZAQIABgUCUrjejQAKCRD0Mb/79hWmnlTbD/0TsuIvsLMR8x8gA7Ern6hSKhvOcO014pB6

U5STjHf1mOadV1SuqQYpwjO4lPkgHKsD6clISDzq0Vk1bUdXdfFv2B76W2iGIBCW2IMCaFjX

HJZ/mCNZGo7B+hUJCK+RKzKeXRXGKiICqaXyLNa3S8B5ykFWSOD8/GcEWAs2MPd89fqGyYyX

2vPH0wS4ouo9CVQ0IprKoqpIMSDQvH/cnU8BoqKT90W5Z5VDzRwJCUnWMSxa28CcYS7uYG6K

zejfRHnRqGmenPT+ZsaiKC752YDVBXrKV8AFw4YZfQCmLJtbexDgmMN8TUcNAxyRVn0mOkEc

Jlx2MDSRjXeRrz/ndUm5ujpMEw2U1VzJWspkDVnhWFVpac3EA83N0FKMeLgHVCCARjhjddas

fdXu/0xibgOFqRTbdF28GroVzXxCHGAkcsXrWRE9RLx4fP19+JRAIRs0V50APGZVNVKFMtNO

nKCksysLSs8GUZeBXKj4T85a1JQQpHakzB3Guo5RihYnZqXcMjdivO4to+iwhNdWwJOZ09Bl

5U44BVvzAGjW2POcNwZUenxEOTHIB4jKKNuZ5hadv4gvMyfxhZ0i87iPaiFqlaOkF2K84qOW

Yq4uo0NmaT5gd/7c+MNHHxFeoaeYm8d7zRkN9JWSa1ofoX3uITbyD+fewIyEI5eEmKzbgAtq

8rHID/41XROq9NryMCtoIdVPVHbpAeRj/qiesfLtPYtIjVdCHipf85ljHl2gJYYNr79wx5UH

S+O1V/WVnMMKYhLHVabG8EPpVjwHS4IMiNxAA9eeiiUnQpCIfKbhqQZ17GxesZaligvLowf7

IdnlnOEhz0PALl97wDAROFmxK0JoBkzf8Uf4REbL02CNfF3GqsAkxAqbulnBByLkUhXcK0SN

H7phd0T2DxI3OKuQ4+HcnBYtYvnlX35MM1euzcut9GP39EWz/j+4YHIZaX6UKdqTZQ5xWDvF

ygE8KCb4/w0kMxJ8VhCgabxGeGVyqHAbp4pGLZwF7fzS6r8SApfwuKOAgxNbWIvLrqGTiT98

clg/bweIvkF1P0HS14aCJqtppiLGiebSI+xOe6XAiEl7VpdefM7hNTnzsB2G+m2e0wzUuvt4

3VF1e5TBMNPQ1Y3IsrkLim3JQUNk68MnqSnp1XmRU4+SaI3bDJpWtGbK7gU05P6Dc4b6C/IZ

E0YB3tvtdLRDs0UCeXGVbtb49fGta57WqvVtJHEX3af2GpvBBbjeR8vyXH4jO4EChSiNhIfj

/YEiBtYBwwDmGjk76aTwTTk4Ky6VZzLN7qDJ96YhEwtzV80BvszcQHZD9ksxpc328PkSgfaR

2XaSEu8Gu53jiXCIKBbeKAQRwbOHwhG23TY4DfK2wQ==

=iM3E

-----END PGP PUBLIC KEY BLOCK-----

FireBounty © 2015-2019

Legal notices